We're supposed to set the action attribute on the form element we just
created. Previously, we assumed the newly created form element would
be on the top of the stack of open elements, but if we're in the table
body insertion mode, the form element gets treated as self closing and
is therefore popped off the stack of open elements.

Fortunately, we already cache a pointer to the most recently inserted
form element on the HTMLConstructionSite, so we can just grab the
element from there.

Implemented an interpreter that uses the JIT's calling convention. This
interpreter is called LLInt, or the Low Level Interpreter. JSC will now
start by executing code in LLInt and will only tier up to the old
JIT after the code is proven hot.

LLInt is written in a modified form of our macro assembly. This new macro
assembly is compiled by an offline assembler (see offlineasm), which
implements many modern conveniences such as a Turing-complete CPS-based
macro language and direct access to relevant C++ type information
(basically offsets of fields and sizes of structs/classes).

Code executing in LLInt appears to the rest of the JSC world "as if" it
were executing in the old JIT. Hence, things like exception handling and
cross-execution-engine calls just work and require pretty much no
additional overhead.

This interpreter is 2-2.5x faster than our old interpreter on SunSpider,
V8, and Kraken. With triple-tiering turned on, we're neutral on SunSpider,
V8, and Kraken, but appear to get a double-digit improvement on real-world
websites due to a huge reduction in the amount of JIT'ing.

[TreatReturnedNullStringAsNull] is a typo of [TreatReturnedNullStringAs=Null].
But as far as I read the spec
(http://www.whatwg.org/specs/web-apps/current-work/multipage/the-video-element.html#attr-media-mediagroup),
there is no statement about what value should be returned when HTMLMediaElement.mediaGroup
is not yet initialized. In particular, there is no statement that says "null should
be returned when HTMLMediaElement.mediaGroup is not initialized". Thus, instead of
fixing the typo, just removing [TreatReturnedNullStringAsNull] would make sense.
Removing [TreatReturnedNullStringAsNull] does not change the current behavior.

CSSStyleDeclaration.idl uses [JSGenerateIsReachable=ImplRoot],
but "ImplRoot" is not implemented in CodeGeneratorJS.pm.
This patch replaces [JSGenerateIsReachable=ImplRoot] with [JSGenerateIsReachable].

Although the canvas specification states that the backing image may
be larger than the user-specified dimensions, there are a number of
philip canvas tests that fail when the backing image data is not
1:1 with the specified canvas dimensions. These failures are
tracked in https://bugs.webkit.org/show_bug.cgi?id=73645

This change defaults the canvas backing store to be 1:1 with the
user-specified dimensions, while also providing an
ENABLE(HIGH_DPI_CANVAS) build option to reinstate the original
behaviour, so that the above bug may be more easily fixed.

(CopiedAllocator): Friended the JIT to allow access to m_currentOffset.

heap/CopiedSpace.h:

(CopiedSpace): Friended the JIT to allow access to
(JSC::CopiedSpace::allocator):

heap/Heap.h:

(JSC::Heap::storageAllocator): Added a getter for the CopiedAllocator class so the JIT
can use it for simple allocation i.e. when we can just bump the offset without having to
do anything else.

jit/JIT.cpp:

(JSC::JIT::privateCompileSlowCases): Added new slow case for op_new_array for when
we have to bail out because the fast allocation path fails for whatever reason.

jit/JIT.h:

(JIT):

jit/JITInlineMethods.h:

(JSC::JIT::emitAllocateBasicStorage): Added utility function that allows objects to
allocate generic backing stores. This function is used by emitAllocateJSArray.
(JSC):
(JSC::JIT::emitAllocateJSArray): Added utility function that allows the client to
more easily allocate JSArrays. This function is used by emit_op_new_array and I expect
it will also be used for emit_op_new_array_buffer.

jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_new_array): Changed to do inline allocation of JSArrays. Still does
a stub call for oversize arrays.
(JSC):
(JSC::JIT::emitSlow_op_new_array): Just bails out to a stub call if we fail in any way on
the fast path.

runtime/JSArray.cpp:

(JSC):

runtime/JSArray.h: Added lots of offset functions for all the fields that we need to
initialize in the JIT.
(ArrayStorage):
(JSC::ArrayStorage::lengthOffset):
(JSC::ArrayStorage::numValuesInVectorOffset):
(JSC::ArrayStorage::allocBaseOffset):
(JSC::ArrayStorage::vectorOffset):
(JSArray):
(JSC::JSArray::sparseValueMapOffset):
(JSC::JSArray::subclassDataOffset):
(JSC::JSArray::indexBiasOffset):
(JSC):
(JSC::JSArray::storageSize): Moved this function from being a static function in the cpp file
to being a static function in the JSArray class. This move allows the JIT to call it to
see what size it should allocate.

It's not necessary to add a full-viewport rect to the scissor clip stack.
It creates a situation where if there's a clip in the page, we return to
the viewport clip instead of applying the WebView's clip we got from the
scenegraph.

Also, it's unnecessary to clip before we paint the layer's content, we should
only clip afterwards, before painting the children.

(WebCore):
(WebCore::NavigatorVibration::NavigatorVibration):
(WebCore::NavigatorVibration::~NavigatorVibration):
(WebCore::NavigatorVibration::webkitVibrate):
Add webkitVibrate method to get an array or single integer parameter for vibrating.
They check vibration is activated in the platform, and then call vibrate() in the Vibration class.

Extracted various functions from CreateHandler, ReportHandler, and RunsHandler to model classes
in order to unit-test them, added DataStoreTestsBase to reduce the code duplication in tests,
and added a whole bunch of unit tests in models_unittest.py.

Added a new CopyAllocator class, which allows us to do allocations without
having to load the current offset and store the current offset in the current
block. This change will allow us to easily do inline assembly in the JIT for
array allocations.

RenderMathMLRow::baselinePosition() is actually unnecessary, but I am deleting it in two
steps. First we add a guard to restrict it to the intended PositionOnContainingLine
case, leaving PositionOfInteriorLineBoxes to a superclass, RenderBlock. This removes
some randomness, and tightens up the results of four existing test files.

The patch exposes a function to return the "no file(s) selected" label text.

rendering/RenderTheme.cpp:

(WebCore::RenderTheme::fileListDefaultLabel): Added to expose the text for the label in
file upload controls when nothing has been selected.
(WebCore::RenderTheme::fileListNameForWidth): Refactor to use fileListDefaultLabel().

rendering/RenderTheme.h: Change fileListNameForWidth() to be a const function.

rendering/RenderThemeMac.h: Update fileListNameForWidth() to be a const function for
platform implementations.

rendering/RenderThemeMac.mm:

(WebCore::RenderThemeMac::fileListNameForWidth): Refactor to use fileListDefaultLabel().

Update fileListNameForWidth() to be a const function for platform implementations.

platform/gtk/RenderThemeGtk.h:

platform/gtk/RenderThemeGtk.cpp:

platform/qt/RenderThemeQt.h:

platform/qt/RenderThemeQt.cpp:

rendering/RenderFileUploadControl.cpp:

(WebCore::RenderFileUploadControl::computePreferredLogicalWidths): Change the calculation
of the max preferred logical width. Calculate the length of the "no file(s) selected" text,
and include the button and after-button margin. Take the max of that and the original
default width, which was a string of 34 (defaultWidthNumChars) "0"'s, in the case that the
label text is too short.

Re-implement this as a regular accessor property. This has three key benefits:
1) It makes it possible for objects to be given properties named __proto__.
2) Object.prototype.__proto__ can be deleted, preventing object prototypes from being changed.
3) This largely removes the magic used to implement __proto__, it can just be made a regular accessor property.

Source/JavaScriptCore:

parser/Parser.cpp:

(JSC::::parseFunctionInfo):

No need to prohibit functions named __proto__.

runtime/JSGlobalObject.cpp:

(JSC::JSGlobalObject::reset):

Add __proto__ accessor to Object.prototype.

runtime/JSGlobalObjectFunctions.cpp:

(JSC::globalFuncProtoGetter):
(JSC::globalFuncProtoSetter):

Definition of the __proto__ accessor functions.

runtime/JSGlobalObjectFunctions.h:

Declaration of the __proto__ accessor functions.

runtime/JSObject.cpp:

(JSC::JSObject::put):

Remove the special handling for __proto__, there is still a check to allow for a fast guard for accessors excluding __proto__.

(JSC::JSObject::putDirectAccessor):

Track on the structure whether an object contains accessors other than one for __proto__.

(JSC::JSObject::defineOwnProperty):

No need to prohibit definition of own properties named __proto__.

runtime/JSObject.h:

(JSC::JSObject::inlineGetOwnPropertySlot):

Remove the special handling for __proto__.

(JSC::JSValue::get):

Remove the special handling for __proto__.

runtime/JSString.cpp:

(JSC::JSString::getOwnPropertySlot):

Remove the special handling for __proto__.

runtime/JSValue.h:

(JSValue):

Made synthesizePrototype public (this may be needed by the __proto__ getter).
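
The three benefits listed in the commit message above can be observed from script in any engine that exposes `__proto__` as an accessor on `Object.prototype`. This is an added example, not code from the WebKit patch; the function names and the JSON input are constructed for illustration.

```javascript
// Added example (not WebKit code). All function names here are illustrative.
const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Constructed sample input: untrusted JSON that carries a "__proto__" key.
const SAMPLE_JSON = '{"name": "report", "__proto__": {"isAdmin": true}}';

// The accessor is an ordinary, configurable getter/setter pair.
function describeProtoAccessor() {
  const d = Object.getOwnPropertyDescriptor(Object.prototype, '__proto__');
  return {
    present: d !== undefined,
    isAccessor: d !== undefined &&
      typeof d.get === 'function' && typeof d.set === 'function',
    configurable: d !== undefined && d.configurable === true,
  };
}

// Summarise what a copy operation did to an object.
function inspect(obj) {
  return {
    ownProtoKey: hasOwn(obj, '__proto__'),
    prototypeIntact: Object.getPrototypeOf(obj) === Object.prototype,
    inheritsIsAdmin: obj.isAdmin === true && !hasOwn(obj, 'isAdmin'),
  };
}

// Benefit 1: objects can hold an own property named "__proto__".
// JSON.parse defines keys directly, so the inherited setter never runs.
function parseSample() {
  return JSON.parse(SAMPLE_JSON);
}

// Plain assignment looks up the inherited setter, so copying the key this
// way swaps the target's prototype instead of storing a property.
function copyByAssignment(source) {
  const target = {};
  for (const key of Object.keys(source)) {
    target[key] = source[key];
  }
  return target;
}

// Defining the property bypasses the setter: the key is stored as data.
function copyByDefine(source) {
  const target = {};
  for (const key of Object.keys(source)) {
    Object.defineProperty(target, key, {
      value: source[key],
      writable: true,
      enumerable: true,
      configurable: true,
    });
  }
  return target;
}

// Benefit 2: the accessor can be deleted. It is restored afterwards so the
// rest of the program is unaffected by this demonstration.
function withProtoAccessorDeleted(fn) {
  const saved = Object.getOwnPropertyDescriptor(Object.prototype, '__proto__');
  delete Object.prototype.__proto__;
  try {
    return fn();
  } finally {
    Object.defineProperty(Object.prototype, '__proto__', saved);
  }
}

function runDemo() {
  return {
    accessor: describeProtoAccessor(),
    parsed: inspect(parseSample()),
    assigned: inspect(copyByAssignment(parseSample())),
    defined: inspect(copyByDefine(parseSample())),
    // With the accessor gone, the same assignment loop stores plain data.
    assignedAfterDelete: withProtoAccessorDeleted(
      () => inspect(copyByAssignment(parseSample()))),
    accessorWhileDeleted: withProtoAccessorDeleted(describeProtoAccessor),
  };
}

console.log(JSON.stringify(runDemo(), null, 2));
```

Only `copyByAssignment` with the accessor present changes the target's prototype; defining the property, or deleting the accessor first, leaves the prototype chain alone.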

Previously, accessing the CSS property was done by converting from
the JavaScript name to the CSS name, then converting that name to a lowercase
character array, and finally getting the CSS property ID.

This patch cuts the indirection and makes the code go directly from the
JavaScript name conversion to the CSS property ID.

This improves the performance mainly due to the following:
-avoid dynamic memory allocation
-cut the conversion early when possible
-do not parse the string twice
The previous fast-path optimization was removed because it is no longer
necessary with this change.

The improvements are the following:
-previous fast-path: no change
-previous slow-path: ~3 times faster

Test: fast/dom/CSSStyleDeclaration/access-longest-css-property.html
This just tests the edge case of CSSPropertyName.

The issue occurs because a CachedImage sees that it has no clients
and decides it is safe to purge its m_data buffer. However,
StyleCachedImage is holding a CachedResourceHandle to the
CachedImage, and it can still add a client later. If it does so,
the CachedImage says everything is loaded but has no data.

Reviewed by Adam Barth.

No new tests, since the known repros have resisted reduction.
Tested manually with chrome.angrybirds.com, redfin.com and a
couple of other sites.

rendering/style/StyleCachedImage.cpp:

rendering/style/StyleCachedImage.h: Ensure the underlying
CachedImage has a client for the lifetime of the
StyleCachedImage and doesn't purge its buffer. Call
addClient(this) in the constructor and removeClient(this) in
the destructor, then ignore all cache callbacks.

This looks like a bug in gobject. Initializing the WebProcess
before creating the soup session seems to fix the problem. It's
actually a workaround, but initializing the WebProcess as soon as
possible is a good idea in any case.

Stretchy operators, including embellished ones, should stretch to the largest height of
the non-stretchy items in the same explicit or implicit <mrow>.
RenderMathMLRow::layout() used to use hasBase(), isRenderMathMLOperator(), and
nonOperatorHeight() to approximate this height. We now use unembellishedOperator() to
improve this approximation, while also simplifying the code. More plainly, the code used
to skip all operators when estimating this height, instead of just the stretchy ones. We
continue to do that for now, but we more accurately skip all embellished operators
(using our currently implemented approximate definition of this), and use the simple and
true height of the remaining items. In case all items in the row are stretchy,
style()->fontSize() is better than using whatever heights these items currently happen
to be stretched to.

(WebCore::HTMLMediaElement::HTMLMediaElement): Added initialization code
for newly added state variables.
(WebCore::trackIndexCompare): Static boolean compare function between
the index of two tracks.
(WebCore):
(WebCore::eventTimeCueCompare): Static boolean compare function between
events associated with text track cues.
(WebCore::HTMLMediaElement::updateActiveTextTrackCues): Added code to
sort the events associated with text track cues before dispatching.
Each step from the specification is commented within the code.
(WebCore::HTMLMediaElement::finishSeek): Added a boolean variable that
is needed within the text track update function, to know whether a seek
event has occurred before or not.
(WebCore::HTMLMediaElement::mediaPlayerTimeChanged): Moved the update
call for text tracks at the beginning of the function instead of the end.
'ended' events for video should be dispatched after track specific events.

html/HTMLMediaElement.h: Added variables to keep
state information required by the text track update algorithm (last time
the algorithm was run, and whether a seeking event has occurred)
(HTMLMediaElement):

html/LoadableTextTrack.cpp: Refactored fireCueChangeEvent method

(WebCore::LoadableTextTrack::fireCueChangeEvent): The method dispatches a
synchronous cue change event for the track element.

(WebCore::TextTrack::TextTrack):
(WebCore::TextTrack::trackIndex): Cached the track index.
(WebCore):
(WebCore::TextTrack::invalidateTrackIndex): Invalidates the track. Used
when a new track is added in a TextTrackList instance.

html/TextTrack.h:

(TextTrack):
(WebCore::TextTrack::fireCueChangeEvent): The fireCueChangeEvent has been changed,
as events need to be fired asynchronously.

html/TextTrackCue.cpp: Added internal variables to keep the current index
position in the track cue order. This is invalidated when an element is
inserted before.
(WebCore::TextTrackCue::TextTrackCue):
(WebCore::TextTrackCue::cueIndex): Getter for the cueIndex.
(WebCore):
(WebCore::TextTrackCue::invalidateCueIndex): Invalidates the currently stored
cue index.
(WebCore::TextTrackCue::dispatchEvent): Event dispatching is done asynchronously
now. This should be the only method used for event dispatching.
(WebCore::TextTrackCue::setIsActive): The setIsActive method no longer dispatches
events, but rather just changes the m_isActive variable.

html/TextTrackCue.h:

(TextTrackCue):

html/TextTrackCueList.cpp:

(WebCore::TextTrackCueList::getCueIndex): Retrieves the cue index, in the track cue
order, of a given cue.
(WebCore):
(WebCore::TextTrackCueList::add): Modified the add method such that all the next cue
indexes are invalidated.
(WebCore::TextTrackCueList::invalidateCueIndexes): Invalidates all cue indexes starting
with a specific position.

(JSC::ClosureFeature):
(JSC::ASTBuilder::createFunctionBody):
(JSC::ASTBuilder::usesClosures):
Remove "ClosureFeature". Since we track captured variables more
precisely, this bit doesn't do us any good.

This patch implements the proxy authentication handling
for the Qt port in a similar manner to the http authentication
implementation.

Since there is a need to pass the proxy port, which is of type uint16_t,
from the WebProcess to the UIProcess, an encoder and a decoder for
this type was added because it did not exist.

The message that was added to the WebPageProxy is called synchronously
as this is needed by the implementation of the network access manager
and has also been implemented this way already for the http
authentication.

This patch makes spin button clicks in number input fields fire input and change events as described in WHATWG HTML5 specification.
To implement this behavior, this patch introduces new value DispatchInputAndChangeEvent in TextFieldEventBehavior.

This patch introduces InsertionPoint, which will be a common base class of HTMLShadowElement and HTMLContentElement.

This is a step for rendering <shadow> correctly, because <shadow> has almost the same function of <content>.
After this patch, we will change NodeRenderingContext and related classes to accept InsertionPoint instead of
HTMLContentElement only.

This moves stubs for ScrollingCoordinator functions into ScrollingCoordinatorNone.cpp instead of #ifdefing inside
ScrollingCoordinator.cpp. The mac port uses ScrollingCoordinator when #if ENABLE(THREADED_SCROLLING) is not set
and implementations in ScrollingCoordinator.cpp / ScrollingCoordinatorMac.mm otherwise. The chromium port
always uses implementations in ScrollingCoordinatorChromium.cpp. All other ports use
ScrollingCoordinatorNone.cpp.

Change the behavior of CSSValue getters to return unique JS wrappers every
time they are called. This means we no longer have to deal with the risk
of leaking custom properties between unrelated documents, and are free to
implement global value sharing across WebCore.

This patch will be followed by one making CSSValuePool globally shared,
it's done in two steps to monitor the impact of this change.

A block within an inline is affected by relative positioning on the inline box. Give
the anonymous block containing the block a layer and make it relative positioned. Then
calculate the offset of the anonymous block's layer by accumulating the offsets from its
inline continuation and the inline continuation's inline parents.
If the position of an inline changes from or to relative positioned then ensure that any
descendant blocks update their position and layer accordingly.

rendering/RenderBoxModelObject.cpp:

(): add an enum RelPosAxis
(WebCore::accumulateRelativePositionOffsets):
Total up the offsets of all relatively positioned inlines that are de-facto parents of the relatively
positioned anonymous block's child block.

(WebCore):
(WebCore::RenderBoxModelObject::relativePositionOffsetX):
Use accumulateRelativePositionOffsets when calculating the relative position offset of a relatively positioned anonymous block.

(WebCore::RenderBoxModelObject::relativePositionOffsetY): ditto

rendering/RenderInline.cpp:

(WebCore::hasRelPositionedInlineAncestor):
Detects if the anonymous block contains a block that is the de-facto descendant of a relatively positioned inline.

(WebCore::updateStyleOfAnonymousBlockContinuations):
Update the style's positioning for each anonymous block containing a block that is descendant from the inline whose style has changed.

(WebCore::RenderInline::styleDidChange):
If an inline changes to or from relative positioning ensure that any descendant blocks change to or from relative positioning
as well, unless they still have a relatively positioned ancestor after the current ancestor loses its relative positioning.

(WebCore::RenderInline::addChildIgnoringContinuation):
If the anonymous block contains a block that is effectively descended from a relatively positioned inline, make it relatively
positioned so the block will respect its inline ancestor's relative positioning.

rendering/RenderObject.cpp:

(WebCore::RenderObject::propagateStyleToAnonymousChildren):
Preserve style position in anonymous block continuations when the parent block propagates a style change.

Rather than move pixels in the backing store in response to scrolling, we can maintain a
mapping, for the most recently scrolled rect, from backing store coordinates to view
client coordinates.

UIProcess/BackingStore.h:

UIProcess/mac/BackingStoreMac.mm:

(WebKit::BackingStore::performWithScrolledRectTransform): Added. Given a block to be
performed on a rect, divides the rect into parts such that for each part the mapping from
backing store coordinates to client coordinates is a (uniform) translation, and performs
the block on that part, passing it the translation that applies to the part.
(WebKit::BackingStore::resetScrolledRect): Added. Copies everything in the scrolled rect
back to where it should be under the identity map, and resets the scrolled rect and offset.
(WebKit::BackingStore::paint): Changed to call through performWithScrolledRectTransform().
(WebKit::BackingStore::incorporateUpdate): Ditto.
(WebKit::BackingStore::scroll): Now instead of copying pixels, just updates the scrolled
rect and offset.

In the refactoring/cleanup in r108005 I should've changed the
implementation of WorkerConnection to make it match BrokerClient
(and everything else) so that objects had a name() method
instead of a name property.

Turns out array_stream didn't really do anything that StringIO
didn't do (at least as of Python 2.6). This change removes it
and updates all of the callers. Where possible, I changed the
test assertions in order to capture the intent more clearly,
e.g., instead of calling self.assertTrue('foo' in stream.get()),
we have self.assertContainsLine(stream, 'foo'), and instead of
self.assertTrue(stream.empty()), we have self.assertEmpty(stream) -
the latter isn't that much more readable, but StringIO doesn't
export an empty() method.

Added the notion of a DFG::Phase. Removed DFG::Propagator, and took its
various things and put them into separate files. These new phases follow
the naming convention "DFG<name>Phase" where <name> is a noun. They are
called via functions of the form "perform<name>".

Now that FontFamilyValue's string doesn't change after creation, we can just
pass the massaged family name up to the CSSPrimitiveValue constructor and get
cached cssText() for free. This also shrinks FontFamilyValue by sizeof(String)
though that's less of an issue now that we cache them in CSSValuePool.

There is a warning in memset in glibc that gets triggered through a
warndecl when the fill-value of memset is a non-zero constant and the
size is zero. This warning is enabled when building with
-D_FORTIFY_SOURCE=2. This patch fixes the warning.

[V8OnInstance] means that the method should be defined
(not on a prototype chain but) on a DOM object. It is the
same meaning as [V8Unforgeable]. This patch replaces [V8OnInstance]
with [V8Unforgeable].

Currently if a test's image checksum doesn't match the checksum
in the baseline, but the images themselves match according to
ImageDiff, new-run-webkit-tests ignores the problem. This is
probably bad, but it's not yet clear what the right thing to do
is. This patch will log a warning to stderr, at least (but the
test will still pass).

If a test is listed in a Skipped file and you run it anyway
with --force, and the test fails, currently NRWT will print
"test ran as expected"; this is confusing, because you probably
expect the test to fail and yet this might lead you to think the
test passed. This patch changes the expected behavior to "PASS",
so tests that fail will be reported.

I forgot to update the test code as per Tony's suggestion in
bug 78181 (r108005). This change does that, and in doing so
it revealed a subtle bug in _InlineWorkerConnection.run() that
I am fixing as part of this (_alive would not be cleared if an
exception was thrown).

Separates THREADED_SCROLLING from ScrollingCoordinator and enables ScrollingCoordinator-related code on
chromium. ScrollingCoordinator receives scrolling information to be used with an external scrolling source.
ENABLE(THREADED_SCROLLING) enables a codepath that uses a thread in WebCore to handle scrolling related input
events and interact with composited layers.

Define functions that return an unembellished "base", by omitting
subscripts/superscripts, underscripts/overscripts, or denominators. This is needed in
subsequent patches both for correct operator stretching and simple code factoring.

Replace the isOpaque boolean in BitmapTexture with a SupportsAlpha flag.
Use reset/didReset instead of a virtual function that has to call the superclass.

Make sure that all calls to BitmapTexture::reset() pass the correct SupportsAlpha flag,
based on the source image.
Since we now disable blending for opaque textures, we also have to make sure that we treat
the depth buffer correctly and bring it back to its previous state.

The SVGAnimateElement object creates various internal objects
depending on the type of property being animated, which depends on the
target. These objects were not being recreated when the target
changed, and crashes ensued. Now the SVGSMILElement provides a virtual
method that is called when the target changes, and SVGAnimateElement
updates its objects as necessary. We also deactivate the animation
when the target changes, forcing recomputation of other derived
objects.

This change also removes various unnecessary calls to semi-expensive
methods.

Not only does this change fix the new test, it also fixes potential
crashes in other tests that apparently never manifested before (but
manifest when this new test is included in DRT).

This test verifies that the target element information is correctly
updated when the target changes. Note that the clone is required, as
it causes the results of one animation to be pushed to a different
animation.

(WebCore::RenderBlock::splitAnonymousBlocksAroundChild): add
call to splitTablePartsAroundChild to take care of splitting the
table first if the child is part of table.
(WebCore::markTableForSectionAndCellRecalculation): add helper to
mark table for complete relayout by invalidating sections and cells.
(WebCore):
(WebCore::moveAllTableChildrenTo): moves children to another table.
(WebCore::RenderBlock::splitTablePartsAroundChild): split table child
and its next siblings into a new table. This allows adding a new
non-table child between the tables.
(WebCore::RenderBlock::addChildIgnoringAnonymousColumnBlocks): calls
splitTablePartsAroundChild to see if we need to split the table
for adding this new child.

Inline the updateAfterAttributeChanged() and recalcStyleIfNeededAfterAttributeChanged()
methods into Element::attributeChanged(). They were separated when we needed them in
StyledElement::attributeChanged(), but that's no longer the case.

waitForThreadCompletion() had an out param 'void **result' to get the
'void *' returned by ThreadFunction. However, the implementation in
ThreadingWin.cpp ignored the out param, not filling it in. This had
led to a situation where none of the client code made use of the param
and just ignored it.

To clean this up, the patch changes the signature of ThreadFunction to
return void instead of void* and drops the unused 'void **result'
parameter from waitForThreadCompletion. Also, all client code is
updated for the API change.

As mentioned in https://bugs.webkit.org/show_bug.cgi?id=78389 , even
though the change only affects internal API, Safari is using it
directly and we'll need to keep the old versions around for ABI
compatibility. For this, the patch adds compatibility wrappers with
the old ABI.

Implement support for stack traces on exception objects. This is a rewrite
of the core portion of the last stack walking logic, but the mechanical work
of adding the information to an exception comes from the original work by
Juan Carlos Montemayor Elosua.

Empty inlines with line-height, vertical-alignment or font metrics should only get a linebox if there is some
other content in the line. So only create line boxes for such elements on lines that are not empty.

This patch fixes a regression where an empty inline with line-height was propagating its height to an empty line.
It also fixes cases where lines with content that had a leading empty inline element weren't respecting the
vertical alignment or font-height of the empty inline.

rendering/RenderBlockLineLayout.cpp:

(WebCore::RenderBlock::constructLine): only create line boxes for lines that are not empty.
(WebCore::requiresLineBoxForContent): an inline flow with line-height, vertical-alignment, or font-size

Add a runtime preference to enable/disable regions functionality at runtime (WebKitCSSRegionsEnabled).
CSSRegions are still enabled by default.
In DRT, use layoutTestController.overridePreference("WebKitCSSRegionsEnabled", "0") to disable the css regions functionality.

DumpRenderTree/chromium/LayoutTestController.cpp:

(LayoutTestController::overridePreference):

DumpRenderTree/chromium/WebPreferences.cpp:

(WebPreferences::reset):
(WebPreferences::applyTo):

DumpRenderTree/chromium/WebPreferences.h:

(WebPreferences):

DumpRenderTree/mac/DumpRenderTree.mm:

(resetDefaultsToConsistentValues):

LayoutTests:

Add a runtime preference to enable/disable regions functionality at runtime (WebKitCSSRegionsEnabled).
CSSRegions are still enabled by default.
In DRT, use layoutTestController.overridePreference("WebKitCSSRegionsEnabled", "0") to disable the css regions functionality.

Trimming the render tree when we remove objects from it would be more complex
to generalize as several objects override the behavior to do their own clean-ups.
This would also open more potential for programming errors.

This change is limited to table cells as a simple step towards fixing bug 52123
and more generally eliminate some anonymous wrappers from the tree at detach time.

dom/Node.cpp:

(WebCore::Node::detach):
Patched detach to call destroyAndCleanupAnonymousWrappers. The Document does not need
to clean up any anonymous wrappers on detach.

rendering/RenderObject.cpp:

(WebCore::RenderObject::destroyAndCleanupAnonymousWrappers):
Added this method to wrap destroy() call and trim the render tree. To avoid slowing down
detach in some cases, added a fast path.

(WebKit::WebPrintOperationGtk::WebPrintOperationGtk): Initialize
manual scale to 1.
(WebKit::WebPrintOperationGtk::rotatePageIfNeeded): Renamed and
moved the needs rotate check here as an early return.
(WebKit::WebPrintOperationGtk::prepareContextToDraw): Scale the
page according to the manual scale factor.
(WebKit::WebPrintOperationGtk::renderPage): Move rotatePage to
prepareContextToDraw.

In V8RecursionScope, only call WebKitMutationObserver::deliverAllMutations
if in a Document context.

This is accomplished through a change to V8Proxy::instrumentedCallFunction
(which now takes a Frame* instead of a Page*), requiring an update to all
callers of that function (accounting for the majority of files changed
in this patch).

Added ASSERT(isMainThread()) in deliverAllMutations to confirm that
it's no longer called on worker threads, and in enqueueMutationRecord,
where the same global store of active observers is accessed.

(WebKit::PrintPagesData::PrintPagesData): Initialize number of
collated and uncollated copies done and total.
(WebKit::PrintPagesData::collatedCopiesLeft): Helper function that
returns the number of collated copies left to do.
(WebKit::PrintPagesData::uncollatedCopiesLeft): Helper function
that returns the number of uncollated copies left to do.
(WebKit::PrintPagesData::copiesLeft): Helper function
that returns the number of collated or uncollated copies left to
do.
(WebKit::PrintPagesData::incrementPageSequence): Do not finish the
print if there are uncollated copies left, and do not increment
sheet number if there are collated copies left.
(WebKit::WebPrintOperationGtk::WebPrintOperationGtk): Initialize
m_manualCopies to 1 and m_manualCollateCopies to false.

(webkitPrintOperationRunDialogUnix): Enable printing in reverse
order option in print dialog.

WebProcess/WebPage/gtk/WebPrintOperationGtk.cpp:

(WebKit::PrintPagesData::PrintPagesData): Initialize sheetNumber
and lastPagePosition depending on whether printing is in reverse
order or not.
(WebKit::PrintPagesData::incrementPageSequence): Use a negative
increment step when printing in reverse order. Fix page
incrementing when printing only odd/even pages broken in previous
commit due to merge conflicts.
(WebKit::WebPrintOperationGtk::WebPrintOperationGtk): Initialize
reverse printing to false.

Fix an SVG crash in Release builds, although it still crashes in Debug builds.
The crash occurred when an SVG use element attempted to reference a style element while the file
contained an error causing the error banner to display. The fix is to prevent SVGUseElement
from recalculating style during tree building and return immediately when style is recalculated and
the tree is building.

Test: svg/custom/use-referencing-style-crash.svg

svg/SVGUseElement.cpp:

(WebCore::SVGUseElement::willRecalcStyle): Return false if the tree is being built.
(WebCore::SVGUseElement::didRecalcStyle): Check and return if the tree
is being built and we are not yet ready for style update.

LayoutTests:

Fix an SVG crash in Release builds, although it still crashes in Debug builds.
This test is to verify no crash in Release builds, while expectations/Skipped
are added for Debug builds. Bug 77764 tracks the Debug fix.

Add a DOMNodeRemovedFromDocumentEvent listener to detect when the target element is removed. Upon removal,
cleanup all listeners and re-activate the pending resource to attach if the referenced ID is added
at a later time programmatically. Also move the DOMSubtreeModifiedEvent listener from the parent to
the target element to simplify the implementation and reduce the scope.

(WebKit::PrintPagesData::PrintPagesData): Initialize sheetNumber
and numberOfSheets. Move pagePosition to WebPrintOperationGtk.
(WebKit::PrintPagesData::incrementPageSequence): Increment current
sheet and page position.
(WebKit::WebPrintOperationGtk::WebPrintOperationGtk):
(WebKit::WebPrintOperationGtk::currentPageIsFirstPageOfSheet):
Helper function to check whether the current page is the first one of
the current sheet.
(WebKit::WebPrintOperationGtk::currentPageIsLastPageOfSheet):
Helper function to check whether the current page is the last one of
the current sheet.
(WebKit::WebPrintOperationGtk::getRowsAndColumnsOfPagesPerSheet):
Returns the number of rows and columns of pages per sheet.
(WebKit::WebPrintOperationGtk::getPositionOfPageInSheet): Returns
the row and column number of the current page in the current sheet.
(WebKit::WebPrintOperationGtk::prepareContextToDraw): Translate,
scale and rotate accordingly to render every page in the right
place of the sheet.
(WebKit::WebPrintOperationGtk::renderPage): Call
prepareContextToDraw() before drawing the page.

The non-radiused border drawing code would use a transparency layer
when drawing any one or more borders with alpha colors. However,
we only need to use a transparency layer when there is a corner
join between the borders being rendered with any one color,
so add a utility function includesAdjacentEdges() that can tell us
that, and use it to avoid making extraneous transparency layers.

And it's not emitted anymore when the print dialog has been
cancelled. Since it's not possible to know whether the print
dialog was cancelled or not, the enum WebKitPrintOperationResponse
has been added, with Print and Cancel values, and it's used as
return value of webkit_print_operation_run_dialog().

(webkitWebViewPrintFrame): Check whether the dialog has been
cancelled or not and connect to finish when the print operation is
in progress to release the print operation object when printing
finishes.

(webkitPrintOperationPrintPagesForFrame): Helper function to call
WebPageProxy::drawPagesForPrinting using the given
GtkPrintSettings and GtkPageSetup.
(webkitPrintOperationRunDialogForFrame): Use
webkitPrintOperationPrintPagesForFrame().
(webkit_print_operation_print): Print directly using current
GtkPrintSettings and GtkPageSetup without showing the print
dialog.

Instead of using UpdateInfo to fill the entire tile's texture, we use it as a patch that
contains only the dirty rectangle of the current paint. This requires a lot less memory
for small updates, for example when typing a text in an input field.
This shows a significant reduction in overhead when testing on Mac with Instruments.

(drawPagesForPrintingCompleted): Adopt the WebKitPrintOperation
reference so that it's released when the callback finishes.
(webkitPrintOperationRunDialogForFrame): Pass a reference of
WebKitPrintOperation to the printing callback.

(WebCore::numericPrefix): When we don't parse a number, we could either be
trying to parse junk, which returns NaN, or we could get an empty string,
which returns 0, so we need to account for that in the assert.

Setting page scale factor and its limits in separate methods
may cause clamping bugs if one of them makes it to the
impl thread before the other. Change the API to bundle them together,
which matches the existing impl-side interface.

Use bounds() instead of contentBounds() to calculate the region to mark
as needing painting in LayerChromium::setNeedsDisplay(). contentBounds()
includes contents scale, while bounds() does not.

Since this change also means that TiledLayerChromium::setNeedsDisplayRect() is
given an unscaled rectangle, modify that function to scale the rectangle before
using it to invalidate the underlying tiles.

Tests: New tests added to LayerChromium and TiledLayerChromium unit tests.

platform/graphics/chromium/LayerChromium.h:

(WebCore::LayerChromium::setNeedsDisplay):

platform/graphics/chromium/TiledLayerChromium.cpp:

(WebCore::TiledLayerChromium::setNeedsDisplayRect):

Source/WebKit/chromium:

Added a new unit test for TiledLayerChromium to verify its invalidation behavior when
the contents scale changes. Also enhance an existing unit test for LayerChromium to
verify the paint rectangle dimensions instead of just checking that it is not empty.

We have renamed the enum items of AttachPhase, because not only <content> but also
<shadow> will use the phases. Basically these words are taken from Shadow DOM spec.
'Calculating' means NodeRenderingContext is used not for attaching but for calculating RenderObject.

WebDatabase now delegates this function entirely to DatabaseTracker,
a new closeDatabasesImmediately() has been added for that purpose. That
method posts tasks to the appropriate context thread for each database
instance that should be closed immediately.

The DatabaseTracker getAllOpenDatabases() method has been removed from
the chromium impl because it's unsafe, refs cannot be safely taken on
AbstractDatabase instances in the tracker's collection of open databases.

Add a message to the console log when a database is forcibly closed.

Transactions initiated on a database instance that has been forcibly
closed complete with a transaction error callback.

No new layout tests, there is no common code way to closeImmediately.
We have coverage for this in py automation tests.

platform/sql/SQLiteDatabase.cpp:

The closeImmediately code path can result in the underlying sqlite3 handle being
closed earlier than usual and trip some assertions. Updated the assertions to no
longer trigger in this early close case.
(WebCore::SQLiteDatabase::close):
(WebCore::SQLiteDatabase::setMaximumSize):

platform/sql/SQLiteDatabase.h:

(WebCore::SQLiteDatabase::sqlite3Handle):

storage/Database.cpp:

(WebCore::Database::closeImmediately): Modified to only be called on the context thread and to log a console message.
(WebCore::Database::changeVersion): Use the private runTransaction helper method.
(WebCore::Database::transaction): Pass a new param required by the runTransaction helper.
(WebCore::Database::readTransaction): Ditto.
(WebCore::callTransactionErrorCallback): Used to defer invocation of the error callback.
(WebCore::Database::runTransaction): Modified to detect when the database has been closed, and
to invoke the error callback in that case. This also avoids creating a reference cycle between
a newly created transaction and the database that previously existed due to a transaction being
added and never removed from the Q while in this state.

storage/Database.h:

storage/DatabaseSync.cpp:

(WebCore::DatabaseSync::closeImmediately): Modified to only be called on the context thread and to log a console message.

The new CSS filter support within the compositor changes how
occlusion tracking needs to function. A filter can change the
alpha value of pixels, making an otherwise opaque pixel no
longer so. Secondly, a filter may move color values around
on a surface, which can cause otherwise occluded areas to
become visible and require painting.

WebKit/blackberry/WebCoreSupport/WebStringImpl.h which hasn't been upstreamed
has been removed internally. We should adapt to this removal for the
upstreamed part of the BlackBerry port. Actually WebStringImpl is not necessary
because it just inherits from WTF::StringImpl but adds nothing.

No functionalities changed, no new tests.

platform/text/blackberry/StringBlackBerry.cpp:

(WTF::String::operator WebString):

Source/WebKit:

blackberry/WebCoreSupport/WebStringImpl.h which hasn't been upstreamed
has been removed internally. We should adapt to this removal for the
upstreamed part of the BlackBerry port. Actually WebStringImpl is not necessary
because it just inherits from WTF::StringImpl but adds nothing.

This clarifies the semantics of finalizers: It's ambiguous and probably
a bug to copy a finalizer (i.e., it's a bug to run a C++ destructor
twice), so I've made Weak<T> non-copyable. Anywhere we used to copy a
Weak<T>, we now use PassWeak<T>.

This also makes Weak<T> HashMaps more efficient.

API/JSClassRef.cpp:

(OpaqueJSClass::prototype): Use PassWeak<T> instead of set(), since
set() is gone now.
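Why a copied finalizer is a bug, shown as an added example that is not JavaScriptCore code. `Slot`, `CopyableHandle` and `OwningHandle` are hypothetical names, and C++11 move semantics stand in for the PassWeak<T> hand-off the entry describes.

```cpp
#include <type_traits>
#include <utility>

// Hypothetical finalizable slot: counts how often its finalizer ran.
struct Slot { int finalized = 0; };

// Before: an implicitly copyable handle. Every copy believes it owns the
// slot, so each destructor runs the finalizer again.
class CopyableHandle {
public:
    explicit CopyableHandle(Slot* s) : m_slot(s) {}
    ~CopyableHandle() { if (m_slot) ++m_slot->finalized; }
private:
    Slot* m_slot;
};

// After: copying is a compile error and ownership can only be handed off,
// so exactly one handle runs the finalizer.
class OwningHandle {
public:
    OwningHandle() = default;
    explicit OwningHandle(Slot* s) : m_slot(s) {}
    OwningHandle(const OwningHandle&) = delete;
    OwningHandle& operator=(const OwningHandle&) = delete;
    OwningHandle(OwningHandle&& o) noexcept : m_slot(std::exchange(o.m_slot, nullptr)) {}
    OwningHandle& operator=(OwningHandle&& o) noexcept {
        if (this != &o) {
            finalize();  // release whatever this handle owned before
            m_slot = std::exchange(o.m_slot, nullptr);
        }
        return *this;
    }
    ~OwningHandle() { finalize(); }
    explicit operator bool() const { return m_slot != nullptr; }
private:
    void finalize() {
        if (m_slot) {
            ++m_slot->finalized;
            m_slot = nullptr;
        }
    }
    Slot* m_slot = nullptr;
};

static_assert(!std::is_copy_constructible<OwningHandle>::value, "handle must not be copyable");
static_assert(!std::is_copy_assignable<OwningHandle>::value, "handle must not be copy-assignable");

// Number of finalizer runs when a copyable handle is copied once.
int finalizerRunsAfterCopy() {
    Slot slot;
    {
        CopyableHandle a(&slot);
        CopyableHandle b = a;  // second owner of the same slot
    }
    return slot.finalized;
}

// Number of finalizer runs when ownership is handed off twice.
int finalizerRunsAfterHandOff() {
    Slot slot;
    {
        OwningHandle a(&slot);
        OwningHandle b = std::move(a);  // a is now empty
        OwningHandle c;
        c = std::move(b);               // b is now empty
    }
    return slot.finalized;
}

int main() { return (finalizerRunsAfterCopy() == 2 && finalizerRunsAfterHandOff() == 1) ? 0 : 1; }
```

In a real destructor the second run is a double free rather than a counter increment, which is why the copy is rejected at compile time instead of being detected at run time.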

(WebCore::ScratchBuffer::getScratchBuffer): Make sure to call clearScratchBuffer()
when we create a new ImageBuffer in order to invalidate cached values.
(WebCore::ScratchBuffer::setCachedShadowValues): Roll together matching and setting
of cached values into one method to enforce them being the same.
(WebCore::ScratchBuffer::setCachedInsetShadowValues): Ditto.

Restructure to use new method described above.
(WebCore::ShadowBlur::drawRectShadowWithoutTiling):
(WebCore::ShadowBlur::drawInsetShadowWithoutTiling):
(WebCore::ShadowBlur::drawInsetShadowWithTiling):
(WebCore::ShadowBlur::drawRectShadowWithTiling):
(WebCore::ShadowBlur::beginShadowLayer):

(WTF):
(WTF::toDoubleType): Template-ized to allow other functions to specify whether they
want to allow trailing junk or not when calling strtod.
(WTF::charactersToDouble):
(WTF::charactersToFloat):
(WTF::charactersToFloatIgnoringJunk): Created new version of charactersToFloat that allows
trailing junk.

wtf/text/WTFString.h:

(WTF):

Source/WebCore:

No new tests.

dom/ViewportArguments.cpp:

(WebCore::numericPrefix): Changed to use the new charactersToFloatWithJunk function(s).

This includes the themeChromiumAndroid.css file from the Chromium-Android port
as well as some additional changes they had to html.css. I believe those
changes were made before themeChromiumAndroid was created, but it's now the better place for this CSS.

The spec says that FileReaderSync should throw NOT_FOUND_ERR
if a given blob is invalid: http://www.w3.org/TR/FileAPI/#FileReaderSync
This patch adds test cases for FileReaderSync with an invalid blob
to check that NOT_FOUND_ERR is thrown.

Currently we postpone touch_down till touch_up if user touches
the screen and an input field has the WebKit focus. This is done
so we can scroll the page without hiding the vkb needlessly.

However, it breaks the conversion of touch to mouse events
if an input field has the focus in the following scenario:
an <input type=text> is focused and a user grabs and drags
an <input type=range> knob/slide. It does not work until the
user unfocuses the currently focused edit field.

Patch introduces a way to unfocus a currently focused input field,
without requesting the client to show or hide the virtual keyboard
right away. Instead it gets a delayed notification of the vkb mode requested
at either touch_released/mouse_up or touch_cancel time.

For now, due to content side issues with major web sites,
only delay navigation mode notification changes if we are not dealing with
input modes.

We were trying to operate on a cached Node when its page/frame/document
were gone to PageCache already. To avoid such problems, let's clean up
any document data we have cached when the Frame goes into the cache.

InRegionScrollableArea specializes the BlackBerry specific ScrollViewBase,
working as a read-only wrapper object for scrollable areas in the page.
It is used in our client side to control in-region scrolling (scrollable boxes,
inner frames, etc).

The clip was being applied in device coordinates, before transforming the painted
rect into device coordinates. This made any translations get doubly represented,
and gave incorrect paint tracking results.

Multi-column code creates anonymous column blocks directly
under RenderTable, thereby violating table layout assumption.
E.g. Captions in this testcase get reparented to these anonymous
column blocks and when they go away, they are not able to clear
themselves from table's m_captions list (since RenderTable::removeChild
is not called).

This patch is a small step to support FileSystem API for GTK port.
As I know, bug58443 also dealt with it, but it looks like the submitted patch
needs to be updated. To do that, I think I need to discuss with the original author.
So, I hope to just fix build break issue in this bug.

No new tests. Implementing the feature is not done yet.

GNUmakefile.list.am: Added some missing files.

bindings/js/JSDirectoryEntryCustom.cpp: Added Error.h to use its API.

platform/AsyncFileSystem.cpp:

(WebCore):
(WebCore::AsyncFileSystem::create): The arguments don't match the declaration in AsyncFileSystem.h.

This is an unfortunate bandaid over a corner case where sometimes the
visible descendant status dirty flag is true when this function is
called from FrameView::repaintFixedElementsAfterScrolling. As it
should be cheap to refresh this flag when dirty in most cases (as it
early outs after finding any visible descendant), just lazily update
the dirty flag here to ensure correctness.

Implement support for stack traces on exception objects. This is a rewrite
of the core portion of the last stack walking logic, but the mechanical work
of adding the information to an exception comes from the original work by
Juan Carlos Montemayor Elosua.

The bug is caused by the layout code wrongly assuming that a
table without a <tbody> is an empty table. We would set the logical
height to the style's logical height wrongly before inflating the
logical height to account for the section(s). This would cause us
to increase past our needed size thus the bug.

rendering/RenderTable.cpp:

(WebCore::RenderTable::layout):
A table is empty if it does not have any top section, not just a <tbody>.
The test uncovered an issue with height distribution in layoutRows where we
would distribute the extra height to the first <tbody> not section.

LayoutTests:

fast/table/double-height-table-no-tbody-expected.html: Added.

fast/table/double-height-table-no-tbody.html: Added.

Test that we properly lay out tables with only a <thead> or <tfoot>
exactly like a table with only a <tbody>.

platform/chromium-linux/tables/mozilla/bugs/bug27038-1-expected.png:

platform/chromium-linux/tables/mozilla/bugs/bug27038-2-expected.png:

platform/chromium-win/tables/mozilla/bugs/bug27038-1-expected.txt:

platform/chromium-win/tables/mozilla/bugs/bug27038-2-expected.txt:

This is neither a progression nor a regression. We are not doing the right
thing as we don't distribute the extra logical height evenly over our sections.
Now we give the extra height to the <thead> (first section) instead of the <tbody>.

(WebCore::proxyAutoConfigurationResultCallback): Stop the runloop, and then process
the results that we received.
(WebCore::processProxyServers): Processing of array of proxy configuration information
moved from addProxyServersForURL. Handling of proxy auto-configuration URLs is now handled
by calling CFNetworkExecuteProxyAutoConfigurationURL and waiting synchronously on the result
callback. Doing this synchronously is not great, but it's the best we can do without a lot
of restructuring of the code that calls this. We arbitrarily time out the execution after five
seconds to avoid permanently hanging.
(WebCore::addProxyServersForURL): Call in to our helper function.

Created a new FocusEvent class (extends UIEvent) with a relatedTarget attribute. Moved
the {Focus,Blur,FocusIn,FocusOut}EventDispatchMediator classes inside FocusEvent. Now when
focusin or focusout events are dispatched, a FocusEvent is created with the relatedTarget
attribute set accordingly. No other logic changes have been made besides adding the
FocusEvent class.

(WebKit::WebPrintOperationGtk::enumeratePrintersFunction):
Simplify the code to select the printer.
(WebKit::WebPrintOperationGtk::renderPage): Call cairo_save()
before rendering the page and cairo_restore() when page has been
rendered.

(webViewDestroyed): Delete the print operation when the view
widget associated is destroyed.
(webkitPrintOperationConstructed): Connect to destroy signal of
associated web view.
(webkitPrintOperationGetProperty):
(webkitPrintOperationSetProperty):
(webkit_print_operation_init):
(webkit_print_operation_class_init):
(webkitPrintOperationRunDialogUnix): Use GtkPrintUnixDialog to
show the printing dialog in UNIX platforms.
(webkitPrintOperationRunDialogWin32): Empty, not implemented yet.
(drawPagesForPrintingCompleted): Callback called when printing
operation has finished in the web process.
(webkitPrintOperationRunDialogForFrame): Run the printing dialog
and start printing the given frame.
(webkit_print_operation_new): Create a new print operation for the
given web view.
(webkit_print_operation_get_print_settings):
(webkit_print_operation_set_print_settings):
(webkit_print_operation_get_page_setup):
(webkit_print_operation_set_page_setup):
(webkit_print_operation_run_dialog): Run the print dialog to print
the web view main frame.

(webkit_web_view_class_init): Add WebKitWebView::print-requested
signal.
(webkitWebViewPrintFrame): Emit print-requested and show the print
dialog to print the frame when the signal is not handled by the user.

Fix EMS/EXS length resolving, when the target context has no renderer, e.g.
<text display="none" dy="1em">ABC</text>, myText.dy.baseVal.getItem(0).value()
currently throws, even if <text> has a parent we could use to resolve the length.

Always fall-back to parent context, to resolve EMS/EXS units, instead of ignoring it.
The current behaviour stays the same, if the target element is not in the document,
then we really can't resolve lengths like this.

The reason why QGLContext is included in Extensions3DQt.cpp is to
achieve an implicit gl.h inclusion (needed for GL_FALSE). This patch
replaces the inclusion with the OpenGLShims.h inclusions, which has
the necessary #ifdefs in place to pull in gl.h with Qt 5 without QtWidgets.

This change should introduce no change in behavior, and its
expected behavior is already covered by existing tests.

In calculateDrawTransformsAndVisibility, there is a complex
boolean condition that indicates whether we should create a
RenderSurface or not. This patch pulls out that boolean logic,
and wraps it in a helper function for much better readability.

Cache and share FontFamilyValue instances in the per-document CSSValuePool.
This reduces memory consumption by 248 kB on the Moz page cycler (64-bit)
and avoids a bunch of extra work.

This is a regression from the recent attribute style refactoring; previously
the mapped attribute declaration table would ensure that multiple 'font'
elements with the same 'face' value would share the same FontFamilyValue.

We're not yet sharing the entire CSSValueList returned by parseFontFamily()
but this is a step on the way there.

The argument checks are now elided if the corresponding SetArgument is dead,
and the abstract value of the argument is set to bottom (None, []). This is
performance neutral on the benchmarks we currently track.